What We Learned from Studying 36,000 OSS Projects | Press Release

Sonatype Blog

The Dot Zero Conundrum and the New Frontier of Securing Open Source

By Brian Fox on September 24, 2019 code quality
Sonatype is combining a new type of behavioral analysis with machine learning and proprietary data, creating early warning capabilities to detect malicious releases of open source components.

Nexus Intelligence Insights: CVE-2019-0232 - Apache Tomcat CGI Servlet Remote Code Execution

By Elisa Velarde on April 26, 2019 vulnerability
In this month's Nexus Intelligence Insights we discuss a very popular component used by developers worldwide. Say hello to CVE-2019-0232, a remote code execution vulnerability.

Nexus Intelligence Insights: CVE-2014-3483 - SQL Injection in PostgreSQL adapter for Active Record against 'range' data type

By Elisa Velarde on March 29, 2019 vulnerability
In this month's Nexus Intelligence Insights we discuss an older component that is used by millions of developers. Say hello to CVE-2014-3483, a SQL injection vulnerability.

Nexus Intelligence Insights: CVE-2014-3603 — Lack of Hostname Verification in OpenSAML

By Akshay 'Ax' Sharma on February 26, 2019 vulnerability
In this month's Nexus Intelligence Insights we discuss an older component, but one that is widely used across a variety of ecosystems, and has a vulnerability that could be catastrophic. Say hello to

Nexus Intelligence Insights - CVE-2017-5662 - Cross-Site Scripting (XSS)

By Elisa Velarde on January 25, 2019 vulnerabilities

Introducing Nexus Intelligence Insights

By Elisa Velarde on October 12, 2018 vulnerabilities
Nexus Intelligence Insights

New JavaScript intelligence now available in the Nexus Platform

By Michelle Dufty on August 29, 2018 Nexus Lifecycle
Nexus Intelligence now includes expanded coverage for JavaScript to identify hidden JS files not found in other solutions and a new user experience to identify and remediate JS vulnerabilities faster.

Software Composition Analysis: Precision Definitely Matters (Just Ask Our Competitors)

Just two years ago, SCA was more about helping traditional security professionals identify suspects across a broad spectrum of open source ecosystems. Much has changed since then. Today,

The Un-Conference 2018

By Derek Weeks on May 16, 2018 Nexus Lifecycle
On June 6 - 7, we are hosting an Un-Conference. It's our first annual Nexus User Conference and we're super excited about it. And with over 1,000 people registered to attend, it looks like we're not